New Config Values/Annotations for Ai Summaries

Each engine pulls the same repo into the same location and shows the summaries.

Which repo to use and where to keep it are advanced settings, but turning AI summaries on or off is not.
This commit is contained in:
Corey Ogburn
2024-08-06 11:23:00 -06:00
parent 09f7329a21
commit fc89604982
2 changed files with 42 additions and 0 deletions


@@ -1312,6 +1312,9 @@ soc:
kratos:
hostUrl:
elastalertengine:
aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
aiRepoPath: /opt/sensoroni/repos
showAiSummaries: true
autoUpdateEnabled: true
autoEnabledSigmaRules:
default:
@@ -1391,6 +1394,9 @@ soc:
userFiles:
- rbac/users_roles
strelkaengine:
aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
aiRepoPath: /opt/sensoroni/repos
showAiSummaries: true
autoEnabledYaraRules:
- securityonion-yara
autoUpdateEnabled: true
@@ -1412,6 +1418,9 @@ soc:
stateFilePath: /opt/sensoroni/fingerprints/strelkaengine.state
integrityCheckFrequencySeconds: 1200
suricataengine:
aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
aiRepoPath: /opt/sensoroni/repos
showAiSummaries: true
autoUpdateEnabled: true
communityRulesImportFrequencySeconds: 86400
communityRulesImportErrorSeconds: 300
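Review bot: The three new `aiRepoUrl`/`aiRepoPath` pairs point every engine at the same remote repository and the same on-disk path `/opt/sensoroni/repos`, but nothing in these defaults pins the checkout to a branch, tag or commit, so the summaries rendered in the UI are whatever that GitHub repository serves at pull time. If the engine code does not pin or verify the checkout (not visible in this hunk), consider adding a default such as `aiRepoRef: main` or a commit value next to `aiRepoUrl` so the fetched content is reproducible and reviewable. It is also worth confirming that three engines pulling into one working tree cannot race each other, since the commit description says they all pull into the same location. The `suricataengine` mapping continues past the end of this hunk.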


@@ -87,6 +87,17 @@ soc:
global: True
modules:
elastalertengine:
aiRepoUrl:
description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
global: True
advanced: True
aiRepoPath:
description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
global: True
advanced: True
showAiSummaries:
description: Show AI summaries for ElastAlert rules.
global: True
additionalAlerters:
title: Additional Alerters
description: Specify additional alerters to enable for all Sigma rules, one alerter name per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. Note that the configuration parameters for these alerters must be provided in the ElastAlert configuration section. Filter for 'Alerter' to find this related setting. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key.
@@ -193,6 +204,17 @@ soc:
advanced: True
forcedType: int
strelkaengine:
aiRepoUrl:
description: URL to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
global: True
advanced: True
aiRepoPath:
description: Path to the AI repository. This is used to pull in AI models for use in ElastAlert rules.
global: True
advanced: True
showAiSummaries:
description: Show AI summaries for ElastAlert rules.
global: True
autoEnabledYaraRules:
description: 'YARA rules to automatically enable on initial import. Format is $Ruleset - for example, for the default shipped ruleset: securityonion-yara'
global: True
@@ -216,6 +238,17 @@ soc:
helpLink: yara.html
airgap: *serulesRepos
suricataengine:
aiRepoUrl:
description: URL to the AI repository. This is used to pull in AI models for use in Suricata rules.
global: True
advanced: True
aiRepoPath:
description: Path to the AI repository. This is used to pull in AI models for use in Suricata rules.
global: True
advanced: True
showAiSummaries:
description: Show AI summaries for Suricata rules.
global: True
communityRulesImportFrequencySeconds:
description: 'How often to check for new Suricata rules (in seconds).'
global: True
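Review bot: The three strelkaengine descriptions for `aiRepoUrl`, `aiRepoPath` and `showAiSummaries` were copied from the elastalertengine block and still say "ElastAlert rules", which will mislead an operator reading the Strelka settings; they should read `description: URL to the AI repository. This is used to pull in AI summaries for use with YARA rules.`, `description: Path to the AI repository. This is used to pull in AI summaries for use with YARA rules.` and `description: Show AI summaries for YARA rules.` (the other two engines say "AI models" while the commit itself describes summaries, so confirm which wording is correct and use it consistently). Separately, the existing rule-repository settings carry an `airgap: *serulesRepos` annotation, but none of the new `aiRepoUrl` entries has an airgap alternative, so an airgap install would presumably be left pointing at github.com unless the engine handles that elsewhere. The `suricataengine` mapping continues past the end of this hunk.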